Found 7 bookmarks
Custom sorting
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
In September of 2024 while on a customer assigment I encountered the “Network Configuration Operators” group, a so called builtin group of Active Directory (default). As I had never heard of or encountered this group membership before, it sprung to eye immediately. Initially I tried to look up if it had any security implications, like its more known colleagues DNS Admins and Backup Operators, but to no avail. Surpisingly little came up about the group but I couldn’t help myself from probing further. This led me down the rabbithole of Registry Database access control lists and possibilities of weaponization, culminating with the discovery of CVE-2025-21293. Before we move along to the body of work, I have to give out a special thanks to Clément Labro, who initially did the heavy lifting of finding a way to weaponize performancecounters. (This will hopefully make more sense by the end of the article) and my colleagues at ReTest Security ApS, who have provided me with knowledge in the field and the oppertunity to put it to use.
#birkep#EN#2025#CVE-2025-21293#vulnerability#Active-Directory#Network#Configuration#Operators
·birkep.github.io·
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability. When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.
#dlink#EN#2025#announcement#DSL-3788#hardware#RCE#vulnerability
·supportannouncement.us.dlink.com·
(Non-US) :: DSL-3788 :: H/W Rev. Ax/Bx :: F/W v1.01R1B036_EU_EN :: Unauthenticated Remote Code Execution (RCE) Vulnerability
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface for web documents.
#cside.dev#EN#2025#skimmer#cyber#DSS#client-side#PCI#policies#c/side#website#javascript#card#development#web#attack#browser#chain#breaches#content#manager#vulnerability#data#magecart#supply#client/side#credit#security#tag#v4#script#formjacking
·cside.dev·
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
A look at the recent rsync vulnerability
A look at the recent rsync vulnerability
On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd — and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future. The vulnerabilities were found by two groups of researchers: Simon Scannell, Pedro Gallegos, and Jasiel Spelman from Google's Cloud Vulnerability Research identified five of them, including the most serious one. Aleksei Gorban, a security researcher at TikTok, discovered the sixth — a race condition in how rsync handles symbolic links.
#LWN.net#EN#2025#rsync#vulnerability#CVE-2024-12084
·lwn.net·
A look at the recent rsync vulnerability
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
#welivesecurity#EN#2025#CVE-2024-7344#UEFI#Secure#Boot#vulnerability#certificate
·welivesecurity.com·
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344